What your employees will learn during our training:
- Your employees will learn how a simple phishing email can lead to a data breach or ransomware attack. We illustrate the consequences using real-life examples of your peer organisations which have suffered from such an incident. The objective of this section is to transform mindsets from “we would never be hacked” to “we could be hacked”.
- Your employees will get an understanding of how technical defences such as firewalls, email security gateways and end-point anti-virus cannot fully mitigate phishing emails. This makes your workforce understand the vital role they play in keeping the information assets of your organisation secure. Employee accountability is a critical feature of maintaining a good IT security posture.
- The psychological techniques used by cyber criminals when constructing their phishing emails, including emotional triggers, false trust cues, and how cyber criminals exploit our innate cognitive biases. Using real-life examples, we show how cyber criminals exploit the brain’s System 1 thinking to persuade users to open malicious emails and links.
- Office 365 has become a very popular medium for phishing. Using real-life examples, we show your employees some of the most common phishing scams used in Office 365, along with actionable strategies on how to spot and prevent them. This section covers topics such as malicious macros, and multi-factor authentication bypass techniques such as OAuth. Clear and actionable information is given to your employees commensurate with their existing IT skillset.
- The dangers of lookalike domains (websites). Many users are oblivious to just how easily cyber criminals can deploy fake (or cloned) websites. While these domains look like trusted websites, they’re commonly used to steal credentials for platforms such as Office 365, SharePoint, and other online services.
- Business email compromise – A BEC attack occurs when a cyber criminal intercepts an invoice between a supplier and a customer. Typically, the invoice typeface, logo, and wording will be emulated to perfection but the payment details will have changed. The cyber criminal will also use a highly convincing pretext as to why the bank account details have changed. A successful BEC attack can result in the loss of thousands of Euro. We show your employees the mechanism of this sophisticated attack along with some real-life case studies and actionable steps on how to prevent it.
- Vendor email compromise – In this type of phishing attack a hijacked email account of a trusted supplier is used to trick users into clicking a malicious attachment or URL. These types of attacks tend to be highly successful because most users instinctively trust emails from known entities. In this section, using real-life examples, we show your users how to spot the telltale signs of a VEC attack.
- Some cyber criminals will send out highly targeted emails to certain employees in your organisation, such as those working in finance or payroll. This is known as spear-phishing. These emails contain a lot of detail and can be very convincing. Using real-life examples, we show your employees how spear-phishing works and what can be done to prevent it.
- Your employees are shown how internal phishing and impersonation work. This is important because most end-users don’t expect malicious emails from colleagues or management. This usually occurs because their colleague’s or manager’s email has been compromised, or their email address is being spoofed.
- Your employees are reminded of the importance of reporting phishing incidents. They are shown the rudimentary mechanics of how malware operates, and the implications of a breached email account. This helps them understand the importance of early reporting.
CyberGame – Phishing Edition
Now is the chance for your employees to put their newly learnt knowledge on phishing attacks into action. During this tabletop exercise, we put participants into teams and ask them to devise their very own phishing campaign. This gets them thinking like a hacker, gets them talking about cyber security, and aids in retention of the training content.
Course Delivery
- Live interactive training
- Virtual interactive training (via Teams etc.)
- Pre-recorded session customised to job role or industry sector
- Onsite training
- E-learning (Microlearning)
Training Duration:
- 2.5 hours
Our training is customised to your industry sector and job roles for enhanced employee engagement and content retention.
Deliverable:
Certificate of Anti-Phishing Awareness and Mitigation
Benefits of our anti-phishing training:
- Top-of-mind awareness of phishing threats. Employees are made aware of the highly disruptive effect of a cyber-attack, even when complete data back-ups have been made.
- Improved cyber hygiene behaviours when opening emails, SMS messages, and when opening messages on social media platforms.
- Phishing training signals to your employees that you’re serious about cyber security. This results in an enhanced security posture and culture.
- With cyber-resilient employees, your organisation will be at a lower risk of operational downtime, financial loss, and reputational damage incurred by a successful phishing attack.
- Give your customers and other stakeholders confidence in your IT security.
- Free up the time of your in-house or outsourced IT support to work on bigger projects.
- Our phishing training amplifies and reinforces your own in-house cyber security messaging and IT security policies.
- Meet your compliance requirements for cyber security insurance, ISO 27001, and PCI DSS.
- Our engaging instructor-led training conveys the sophistication and nuances of phishing attacks. This ignites a positive and genuine discussion about cyber security in your organisation, and creates a positive culture of cyber security.